Re: URL disambiguation

michael.mccormick@wellsfargo.com wrote:
> There are several possible scenarios, including:
> 
> 1. tcd.ie and www.tcd.ie both have A records
> 2. www.tcd.ie has an A record and tcd.ie has a CNAME record aliased to
> it
> 3. only www.tcd.ie has a DNS record
> 
> I was focused on scenario 3.  I don't see scenarios 1 or 2 as requiring
> any URL disambiguation in the browser.
> 
> In scenario 3 I believe there are some browsers that will send a user
> who enters "tcd.ie" to www.tcd.ie instead of returning a Domain Does Not
> Exist error.  This is the behavior that I feel W3C should restrict or at
> least standardize.

Fair 'nuff. My take would be to tell the browsers not to mess about
with it in that case.

S.

> 
> I hope this clarifies my intent.
> 
> Cheers, Mike
> 
> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
> Sent: Tuesday, March 04, 2008 1:45 PM
> To: McCormick, Mike
> Cc: public-wsc-wg@w3.org
> Subject: Re: URL disambiguation
> 
> 
> 
> michael.mccormick@wellsfargo.com wrote:
>> _http://no-www.org/_
>> _http://yes-www.org/_
>>
>> No doubt most of you are familiar with these web sites, and with the 
>> arguments for and against requiring host names in URLs.
>>
>> Most browsers seem to make it a moot point by accepting both forms of 
>> URL.
> 
> Does the browser? Isn't that usually done via a CNAME in DNS or else by
> having two A records for the server? It'd be wrong for a browser to
> assume that the A record for tcd.ie and www.tcd.ie need to be the same.
> 
> S.
> 
>> If I type "example.com" into my browser it takes me to
>> _http://www.example.com_.  The agent is letting me be lazy and skip 
>> typing the protocol (_http://_) or hostname (_www._) 
>> portions of my destination address.
>>
>> The process of URL disambiguation, whereby the UA attempts to guess 
>> parts of the address the user has omitted, should be standardized for 
>> both security & experience reasons:
>>
>> [protocol://][host.][domain][.TLD][:port][/[path]][?query]
>>
>>  - If protocol omitted, UA must try https before http.  (Always prefer
>> a TLS protected destination.)
>>
>>  - If host omitted, and protocol is http(s), UA may try the host name 
>> "www" in the target domain if it has a DNS record, unless the agent is
>> in SBM mode.
>>
>>  - etc.
>>
>>
>> *Michael McCormick, CISSP*
>> Lead Security Architect, Information Security Technologies Wells Fargo Bank
>> "THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS FARGO"
>>
> 
> 
> 

Received on Tuesday, 4 March 2008 20:24:06 UTC
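
The three DNS scenarios and the two disambiguation rules discussed in this thread, as a JavaScript example added here (not code from either poster or from the working group). The function names, the "proposal"/"strict" policy labels and the in-memory DNS table are assumptions; using the typed name unchanged whenever it resolves follows the remark that scenarios 1 and 2 need no disambiguation.

```javascript
// Added illustration; names, policy labels and DNS data are constructed.
// Each Map stands in for a resolver: hostname -> record type.
const SCENARIOS = {
  1: new Map([["tcd.ie", "A"], ["www.tcd.ie", "A"]]),
  2: new Map([["www.tcd.ie", "A"], ["tcd.ie", "CNAME"]]),
  3: new Map([["www.tcd.ie", "A"]]),
};

// Split typed text into optional scheme, host, and the rest (port/path/query).
function parseTyped(input) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:?#]+)(.*)$/i.exec(input.trim());
  if (!m) throw new Error("unparseable input: " + input);
  return {
    scheme: m[1] ? m[1].toLowerCase() : null,
    host: m[2].toLowerCase(),
    rest: m[3],
  };
}

// Ordered list of URLs the agent would attempt. An empty list means the
// user gets the "domain does not exist" error instead of a guessed site.
// policy "proposal": the two quoted rules; "strict": never guess a host name.
function candidates(input, dns, { policy = "proposal", sbm = false } = {}) {
  const { scheme, host, rest } = parseTyped(input);
  // Rule 1: protocol omitted -> try https before http.
  const schemes = scheme ? [scheme] : ["https", "http"];
  const web = schemes.every((s) => s === "http" || s === "https");
  const hosts = [];
  if (dns.has(host)) hosts.push(host); // scenarios 1 and 2: DNS answers as typed
  const www = "www." + host;
  // Rule 2 (scenario 3 only): guess "www" if it has a record and SBM is off.
  if (hosts.length === 0 && policy === "proposal" && !sbm && web &&
      !host.startsWith("www.") && dns.has(www)) {
    hosts.push(www);
  }
  return hosts.flatMap((h) => schemes.map((s) => `${s}://${h}${rest}`));
}
```

Calling candidates("tcd.ie", SCENARIOS[3]) under each policy shows the difference the thread is about: the proposal yields two www URLs with https first, while "strict" and SBM mode yield none.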